Merge commit 'dkg/master'

[monkeysphere.git] / src / monkeysphere-server

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 9d0d9b33b80101942491b64a68e86c6803bc00a4..4d7acc6cb50276bb7a46ae589d3c6995ed540252 100755 (executable)
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -47,8 +47,8 @@ subcommands:
   publish-key (p)                       publish server's host key to keyserver
 
   add-identity-certifier (a) KEYID      import and tsign a certification key
-    -n|--domain DOMAIN                    domain of certifier ()
-    -t|--trust TRUST                      trust level of certifier (2)
+    -n|--domain DOMAIN                    limit ID certifications to IDs in DOMAIN ()
+    -t|--trust TRUST                      trust level of certifier (full)
     -d|--depth DEPTH                      trust depth for certifier (1)
   remove-identity-certifier (r) KEYID   remove a certification key
   list-identity-certifiers (l)          list certification keys
@@ -383,10 +383,11 @@ add_certifier() {
     local keyID
     local fingerprint
     local ltsignCommand
+    local trustval
 
     # set default values for trust depth and domain
     domain=
-    trust=2
+    trust=full
     depth=1
 
     # get options
@@ -423,6 +424,9 @@ add_certifier() {
     done
 
     keyID="$1"
+    if [ -z "$keyID" ] ; then
+       failure "You must specify the key ID of a key to add."
+    fi
     export keyID
 
     # export host ownertrust to authentication keyring
@@ -438,7 +442,8 @@ add_certifier() {
     echo "key found:"
     gpg_authentication "--fingerprint $fingerprint"
 
-    read -p "Are you sure you want to add this key as a certifier of users on this system? (y/N) " OK; OK=${OK:-N}
+    echo "Are you sure you want to add this key as a certifier of"
+    read -p "users on this system? (y/N) " OK; OK=${OK:-N}
     if [ "${OK/y/Y}" != 'Y' ] ; then
        failure "aborting."
     fi
@@ -446,12 +451,20 @@ add_certifier() {
     # export the key to the host keyring
     gpg_authentication "--export $keyID" | gpg_host --import
 
+    if [ "$trust" == marginal ]; then
+       trustval=1
+    elif [ "$trust" == full ]; then
+       trustval=2
+    else
+       failure "trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)"
+    fi
+
     # ltsign command
     # NOTE: *all* user IDs will be ltsigned
     ltsignCommand=$(cat <<EOF
 ltsign
 y
-$trust
+$trustval
 $depth
 $domain
 y
@@ -472,6 +485,9 @@ remove_certifier() {
     local fingerprint
 
     keyID="$1"
+    if [ -z "$keyID" ] ; then
+       failure "You must specify the key ID of a key to remove."
+    fi
 
     # delete the requested key (with prompting)
     gpg_host --delete-key "$keyID"
@@ -550,16 +566,10 @@ case $COMMAND in
        ;;
 
     'add-identity-certifier'|'add-certifier'|'a')
-       if [ -z "$1" ] ; then
-           failure "You must specify a key ID."
-       fi
        add_certifier "$1"
        ;;
 
     'remove-identity-certifier'|'remove-certifier'|'r')
-       if [ -z "$1" ] ; then
-           failure "You must specify a key ID."
-       fi
        remove_certifier "$1"
        ;;